Skip to content

Bug fixes
Compare
Choose a tag to compare
@annejan annejan released this 04 Jan 16:10
· 922 commits to main since this release
v1.2.1
This tag was signed with the committer’s verified signature.
annejan Anne Jan Brouwer
GPG key ID: 15B63ADCA0034B9E
Learn about vigilant mode.
d2fedb2
This commit was signed with the committer’s verified signature.
annejan Anne Jan Brouwer
GPG key ID: 15B63ADCA0034B9E
Learn about vigilant mode.

The way QtPass prior to 1.2.1 generates passwords is insecure.

All passwords generated with QtPass's built-in password generator are possibly predictable and enumerable by hackers. The generator used libc's random(), seeded with srand(msecs), where msecs is not the msecs since 1970 (not that that'd be secure anyway), but rather the msecs since the last second.
This means there are only 1000 different sequences of generated passwords.

All passwords that have been generated with QtPass prior to 1.2.1 should be regenerated and changed.

  • Insecure password generation #338 #342
  • Version 1.2.0 leaks passwords #334
  • When importing settings from 1.1.5 or older clipboard settings revert to No Clipboard #232
  • Add Catalan translation #336 (rbuj)
Assets 8
Loading